Spring Integration Zip
Approved changes feed: RSS · Atom
cpe:2.3:a:pivotal:spring_integration_zip:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Pivotal (c2eefbd5-173d-5b7c-b22b-5a5aa11c4b70) |
|---|---|
| Product | Spring Integration Zip (e1b5472e-2e42-5f7f-ba20-d3e4738d4435) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-1263 |
vulnerable | 2026-06-03 14:38:30.715432 |
Details available
Addresses partial fix in CVE-2018-1261. Pivotal spring-integration-zip, versions prior to 1.0.2, exposes an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.
Published: 2018-05-15T20:00:00.000Z
Updated: 2024-09-16T16:38:32.767Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-1261 |
vulnerable | 2026-06-03 14:38:30.706919 |
Details available
Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary file write vulnerability, which can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.
Published: 2018-05-11T20:00:00.000Z
Updated: 2024-09-17T01:46:47.886Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.